图书情报工作 ›› 2019, Vol. 63 ›› Issue (16): 43-53.DOI: 10.13266/j.issn.0252-3116.2019.16.005

• 工作研究 • 上一篇    下一篇

个人云存储服务的技术安全风险关键影响因素识别与分析

程慧平1,2, 彭琦1   

  1. 1. 湖北工业大学经济与管理学院 武汉 430068;
    2. 西北大学公共管理学院 西安 710127
  • 收稿日期:2018-10-30 修回日期:2019-02-21 出版日期:2019-08-20 发布日期:2019-08-20
  • 作者简介:程慧平(ORCID:0000-0003-4631-7997),教授,博士,E-mail:chenghuiping@nwu.edu.cn;彭琦(ORCID:0000-0001-5628-3482),硕士研究生。
  • 基金资助:
    本文系国家自然科学基金青年项目"面向个人用户的云存储服务使用行为机理及安全风险控制研究"(项目编号:71603075)研究成果之一。

Identification and Analysis of the Key Influencing Factors on Technical Security Risk of Personal Cloud Storage Service

Cheng Huiping1,2, Peng Qi1   

  1. 1. School of Economics and Management of Hubei University of Technology, Wuhan 430068;
    2. School of Public Management of Northwest University, Xi'an 710127
  • Received:2018-10-30 Revised:2019-02-21 Online:2019-08-20 Published:2019-08-20

摘要: [目的/意义]近年来个人云存储服务的技术安全问题屡见不鲜,严重影响了个人云存储服务用户持续使用率。识别和分析使用云存储服务的技术安全风险的关键影响因素,对于个人云存储服务提供商提供安全云存储服务、提高个人云存储服务用户粘性具有重要实践意义。[方法/过程]基于文献调研、专家访谈、云计算安全报告(Gartner)、云计算安全架构与标准(ENISA、CSA、FedRAMP、MTCS),构建个人云存储服务的技术安全风险影响因素指标体系。通过专家问卷调查得出个人云存储服务的技术安全风险评估体系中各影响因素之间的直接影响矩阵,运用Fuzzy-DEMATEL方法对个人云存储服务技术安全风险影响因素的因果关系及重要程度进行分析,揭示个人云存储服务技术安全风险关键影响因素。[结果/结论]个人云存储服务技术安全风险关键影响因素包括:访问控制、服务/账户劫持、软件安全风险、虚拟化漏洞、数据传输安全。最后,依据实证研究结论,为个人云存储服务提供商构建安全云存储服务提供可行的技术建议。本研究丰富了个人云存储服务安全风险理论研究成果,为个人云存储服务提供商保障用户数据安全提供实践参考。

关键词: 个人云存储服务, 云存储安全, 云计算安全, Fuzzy-DEMATEL, 技术安全风险

Abstract: [Purpose/significance] In recent years, the technical security problems of personal cloud storage service are common, which severely hinders users' continuous usage of personal cloud storage service. It is of great practical significance to identify and analyze the key factors that affect the technical security risk of personal cloud storage service for personal cloud storage service providers to offer secure cloud storage service as well as increase user engagement with personal cloud storage service.[Method/process] Based on literature surveys, expert interviews, cloud computing security reports put forward by Gartner, and cloud computing security frameworks and standards (ENISA, CSA, FedRAMP, MTCS), the technical security risk factors indicator system of personal cloud storage service is constructed. The direct influence matrix between the influencing factors of technical security risk evaluation indicator system of personal cloud storage service is obtained through questionnaire survey with experts. This paper analyzes the causal category and the degree of importance of the influencing factors of personal cloud storage service technical security risks by applying Fuzzy-DEMATEL method, and identifies the key influencing factors of personal cloud storage service technical security risk.[Result/conclusion] The critical influencing factors of personal cloud storage service technical security risk are:access control, service/account hijacking, software security risk, virtualization vulnerability, and data transmission security. Finally, according to the empirical conclusions, it provides feasible technical advice for building a secure cloud storage service for personal cloud storage service providers. This study enriches the theoretical research results of personal cloud storage service security risk, and provides practical references for the personal cloud storage service providers to guarantee user data security.

Key words: personal cloud storage service, cloud storage security, cloud computing security, Fuzzy-DEMATEL, technical security risk

中图分类号: